ktx/pnpm-workspace.yaml
Andrey Avtomonov 6d01030745
fix(deps): patch 22 Dependabot security alerts (#328)
Bump transitive dependencies to their patched versions to clear all open
Dependabot advisories. npm fixes go through the pnpm-workspace.yaml
overrides block; the Python fix goes through uv.lock.

npm: undici 6.27.0/7.28.0, hono 4.12.25, form-data 4.0.6, ws 8.21.0,
vite 8.0.16, esbuild 0.28.1, js-yaml 4.2.0.
pip: starlette 1.3.1.
2026-07-02 09:24:18 +00:00

32 lines
615 B
YAML

packages:
- "packages/*"
- "docs-site"
overrides:
"@types/node": ^24.3.0
"brace-expansion@>=5.0.0 <5.0.6": 5.0.6
esbuild: 0.28.1
fast-uri: 3.1.2
fast-xml-builder: 1.1.7
form-data: 4.0.6
hono: 4.12.25
ip-address: 10.1.1
js-yaml: 4.2.0
postcss: 8.5.10
"undici@6": 6.27.0
"undici@7": 7.28.0
vite: 8.0.16
ws: 8.21.0
dedupePeerDependents: false
preferWorkspacePackages: true
injectWorkspacePackages: true
syncInjectedDepsAfterScripts:
- build
shamefullyHoist: false
verifyDepsBeforeRun: false
allowBuilds:
better-sqlite3: true
esbuild: true
sharp: true
minimumReleaseAge: 10080